This notice explains how we use your personal data, describes the categories of personal data we process and for what purposes. It applies when you use any of our services. We are committed to collecting and using personal data fairly and in accordance with the requirements of the General Data Protection Regulation (GDPR).
We are committed to ensuring that your information is kept safe, secure and used responsibly, and we have put in place appropriate technical and other security measures to protect it.
What kind of personal information we use
We use many different kinds of personal information depending on the services we deliver or offer to you or how we otherwise interact with you. For all products and services we need to use the following personal data: full name, address, email address, telephone number, contact details.
How we collect your personal data
We collect personal data:
- directly from you, when you first instruct us and provide us with your proof of identification, address and contact details;
- from other organisations such as Insurance companies and fraud prevention agencies;
- from organisations to which you have given your consent to share your personal data with us for specific purposes, such as data transfer, backup or system migrations;
How we use your personal data
Data protection law says that we can only use personal data if we have a proper reason to do so. For example, these reasons include fulfilling a contract we have with you, when we have a legal duty, when it is in our legitimate interest or when you consent to its use. When data protection law allows us to process your personal data for our own legitimate interests, it is only allowed provided those interests do not override your own interests and/ or your fundamental rights and freedoms.
An example of us using your personal data when we have a legal duty, is where we must do so in order to comply with anti-money laundering obligations.
Our purposes for processing your personal data
We will only ask you for your personal data where it is necessary to fulfil the following purposes. Where providing us with your personal data is optional, we will inform you of this. Our purposes are grouped under our legal bases for processing.
Fulfilling our legal obligations
Please see the section headed ‘Your Privacy Rights‘ for information on your right to object to processing of your personal data based on our legitimate interests.
- Checking your identity;
- Maintaining records of our business, as required by law - for instance, keeping records of our accounts;
- Complying with laws which require us to provide information, directly or indirectly to any national authority, for the purpose of calculating and collection of tax;
- To otherwise meet our obligations under all laws and regulations based on law which apply to our business activities;
- Responding to enquiries and requests for information by any of our Regulators;
- Creating and submitting reports required by any of our Regulators;
- Identifying and managing risks to our organisation; and
- Where we have a duty to protect vulnerable customers.
- To share information with third parties for the purpose of preventing fraud and financial crime (see section headed, ‘Fraud Prevention Agencies‘ below).
Retaining your personal data
We will retain your personal data for as long as we are obliged, under relevant legislation and regulation, or where no such rules apply, for no longer than it is necessary for our lawful purposes. This will usually be no more than six years from the point at which the obligation to retain a record containing your personal data begins. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims. We may also retain data for longer periods for statistical purposes, and if so we will anonymise or pseudonymise this.
Your Privacy Rights
You have the right to object to how we process your personal data. You also have the right to see what personal data we hold about you. You can ask us to correct inaccuracies, delete or restrict personal data or ask for some of your personal data to be provided to someone else. These rights are explained in more detail below.
Requests to exercise your rights to your personal data can be made TO OUR Data Protection Officer by:
- By post: to "Data Protection Officer, i612.net Limited, Mulberry, Chipping Campden, Gloucestershire. GL55 6DJ"
- By telephone: on 01386 841 631
Your data protection rights are subject to certain restrictions and conditions. We will assess your request and where we decide not to act upon this, we will notify you of our reasons for this. We will not make a charge for handing your rights request, unless we consider this to be manifestly unfounded or excessive (particularly if this is repetitive).
You have the right to complain to us and to the data protection regulator, the Information Commissioner‘s Office, whose address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. You can find out how to report a concern on their website at: https://ico.org.uk/reportaconcern
Your rights are:
To be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. We fulfil this right by giving you this notice.
Access to your personal data: You can request access to a copy of your personal data that we process as a data controller, together with details of why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making.
Right to withdraw consent: If you have given us your consent, you can withdraw that consent at any time. Please contact us if you want to do so. If you withdraw your consent, we may not be able to provide certain services to you. If this is the case, we will tell you.
Right to object: You may object to our processing of your personal data by us, where this processing is based on our legitimate interests or in the public interest. We will assess whether our interest in continuing to process your personal data overrides your rights and freedoms. If not, we will stop processing your personal data. Either way, we will inform you of the outcome.
Rectification: You can ask us to change or complete any inaccurate or incomplete personal data held about you.
Erasure: This is also known as "the right to be forgotten" and this means that you can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent (where applicable), or where we have no lawful basis for keeping it or otherwise using it. There are limited exceptions, for example where we need to use the information to bring or defend a legal claim.
Portability: You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred. This is limited to personal data you have provided with your consent or in relation to the products you have with us, and which we process by automated means, such as your account transaction data.
Restriction: You can ask us to restrict the personal data we use about you where:
- it is inaccurate;
- you have asked for it to be erased;
- you have objected to our use of it; or
- where you need this for the bringing or defending of legal claims.
When you have asked us to restrict the use of your personal data we may still store your information but will not use it further without your consent, unless we need to process it:
- to bring or defend legal claims;
- to protect the rights and freedoms of other individuals; or
- for other important public interest reasons.
Keeping up to date
We keep our Privacy Notice under regular review. This notice was last updated in May 2018.